Control-flow Reconstruction Attacks on Business Process Models
Henrik Kirchmann, Stephan A. Fahrenkrog-Petersen, Felix Mannhardt, Matthias Weidlich

TL;DR
This paper investigates the risks of revealing sensitive business process information through control-flow reconstruction attacks on annotated process models, highlighting potential privacy vulnerabilities.
Contribution
It introduces empirical methods for reconstructing process control-flow from annotated models and evaluates attack success on real-world datasets.
Findings
Reconstruction attacks can successfully infer original process flows.
Frequency annotations can be exploited to improve attack accuracy.
Publishing annotated models poses privacy risks.
Abstract
Process models may be automatically generated from event logs that contain as-is data of a business process. While such models generalize over the control-flow of specific, recorded process executions, they are often also annotated with behavioural statistics, such as execution frequencies. Based thereon, once a model is published, certain insights about the original process executions may be reconstructed, so that an external party may extract confidential information about the business process. This work is the first to empirically investigate such reconstruction attempts based on process models. To this end, we propose different play-out strategies that reconstruct the control-flow from process trees, potentially exploiting frequency annotations. To assess the potential success of such reconstruction attacks on process models, and hence the risks imposed by publishing them, we compare…
Taxonomy
Topics: Business Process Modeling and Analysis
